This section describes changes to the required access permissions that clients must possess to invoke the SMAPI methods. For complete details of the SMAPI methods, use a Web browser to access docs/html/index.html in your Enterprise Security installation; then, select the com.sybase.ep.security.management package.
Table 5-12 describes the permissions required to run the AssetManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map assetInfo) | WRITE on the asset’s controlling asset in the domain that contains the organization in which this asset is being created. |
| create(String, String) | WRITE on the asset’s controlling asset in the domain that contains the organization in which this asset is being created. |
| create(String, String, String) | WRITE on the asset’s controlling asset in the domain that contains the organization in which this asset is being created. |
| findByPrimaryKey(String) | READ on the asset or the asset’s controlling asset. |
| findByDN(String) | READ on the asset or the asset’s controlling asset. |
Table 5-13 describes the permissions required to run the AssetManagementQueries interface methods.
| Method | Permission required |
|---|---|
| listAccessibleByRole(String) | LIST on the asset’s controlling asset. |
| listByOrganization(String) | LIST on the asset’s controlling asset. |
| listByOrganization(String, boolean) | LIST on the asset’s controlling asset. |
| listByOrganizationAndType(String, String) | LIST on the asset’s controlling asset. |
| listByType(String) | LIST on the asset’s controlling asset. |
| listInfoByConditions(SearchInfo[], Integer) | LIST on the controlling assets of the assets returned. |
| moveToNewOrganization(String[], String) | DELETE on the assets being moved or on their controlling assets (or the caller must be the owner of the assets), and WRITE on the asset’s controlling asset in the domain in which the specified organization exists. |
Table 5-14 describes the permissions required to run the AssetManagement interface methods.
| Method | Permission required |
|---|---|
| setName() | UPDATE on the asset or controlling asset. |
| setOrganization() | DELETE on the asset or controlling asset, and WRITE on the asset’s controlling asset in the new organization. |
| setType(String) | UPDATE on the asset or controlling asset. |
| setRoleProxyAuthInfoPriorities(String[]) | UPDATE on the asset or controlling asset. |
| setDataObject(java.lang.Object) | UPDATE on the asset. |
| setData(byte[]) | UPDATE on the asset. |
| revokeAccess(String, String) | GRANT on the asset or controlling asset. |
| removeAssetAccessCtrlInfo() | GRANT on the asset or controlling asset. |
| removeAccessCtrlInfoForRole(String) | GRANT on the asset or controlling asset. |
| remove() | DELETE on the asset or controlling asset. |
| grantAccess(String, String) | GRANT on the asset or controlling asset. |
| getData() | READ on the asset. |
| getDataObject() | READ on the asset. |
| setInfo() | UPDATE on the asset or the controlling asset. |
Table 5-15 describes the permissions required to run the DomainManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map) | WRITE on the domain’s controlling asset in the domain containing the root organization. |
| findByPrimaryKey() | READ on the domain’s controlling asset. |
| findByName(String) | READ on the domain’s controlling asset. |
Table 5-16 describes the permissions required to run the DomainManagement interface methods.
| Method | Permission required |
|---|---|
| remove() | DELETE on the domain’s controlling asset. |
| setRules() | UPDATE on the domain’s controlling asset. |
| setPolicy() | UPDATE on the domain’s controlling asset. |
| removeRules() | UPDATE on the domain’s controlling asset. |
| setDefaults() | UPDATE on the domain’s controlling asset. |
| setInfo() | UPDATE on the domain’s controlling asset. |
Table 5-17 describes the permission required to run the DomainQueries interface methods.
| Method | Permission required |
|---|---|
| listInfoByConditions(SearchInfo[], Integer) | READ on the domain’s controlling asset. |
Table 5-18 describes the permissions required to run the GroupQueries interface methods.
| Method | Permission required |
|---|---|
| listByDefaultRole(String) | LIST on the controlling assets of the groups. |
| listByOrganization(String) | LIST on the controlling assets of the groups. |
| listByRole(String) | LIST on the controlling assets of the groups. |
| listBySubject(String) | LIST on the controlling assets of the groups. |
| listInfoByConditions(SearchInfo[], Integer) | LIST on the controlling assets of the groups that are returned. |
| moveToNewOrganization(String[], String) | DELETE on the groups’ controlling asset in the existing organization and WRITE on the groups’ controlling asset in the new organization. |
Table 5-19 describes the permissions required to run the GroupManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map) | WRITE on the group’s controlling asset in the domain that contains the organization in which this group is being created. |
| create(String) | WRITE on the group’s controlling asset in the domain that contains the organization in which this group is being created. |
| create(String, String) | WRITE on the group’s controlling asset in the domain that contains the organization in which this group is being created. |
| findByPrimaryKey(String) | READ on the group’s controlling asset. |
| findByDN(String) | READ on the group’s controlling asset. |
Table 5-20 describes the permissions required to run the GroupManagement interface methods.
| Method | Permission required |
|---|---|
| addMember(String) | UPDATE on the group’s controlling asset. |
| remove() | DELETE on the group’s controlling asset. |
| removeMember(String) | UPDATE on the group’s controlling asset. |
| setName() | UPDATE on the group’s controlling asset. |
| setOrganization() | DELETE on the group’s current controlling asset, and WRITE on the controlling asset in the new organization. |
| setInfo() | UPDATE on the group’s controlling asset. |
Table 5-21 describes the permissions required to run the OrganizationQueries interface methods.
| Method | Permission required |
|---|---|
| listRootOrganizations() | LIST on the controlling assets of all the root organizations. Currently, only one root organization can exist; however, future versions of Enterprise Security are scheduled to support multiple root organizations. |
| listSuborganizations(String) | LIST on the controlling asset of the specified organization. |
| listByDomain() | LIST on the controlling assets of the organizations that are returned. |
| listRootOrgs() | LIST on the controlling assets of all the root organizations. |
| listInfoByConditions(SearchInfo[], Integer) | LIST on the controlling assets of all the organizations that are returned. |
Table 5-22 describes the permissions required to run the OrganizationManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map) | WRITE on the controlling asset of the parent organization. |
| create(String, String) | WRITE on the controlling asset of the parent organization. |
| findByPrimaryKey(String) | READ on the controlling asset of the specified organization. |
| findByDN(String) | READ on the organization or its controlling asset. |
Table 5-23 describes the permissions required to run the OrganizationManagement interface methods.
| Method | Permission required |
|---|---|
| remove() | DELETE on the controlling asset of the organization. |
| setDomain() | DELETE on the controlling asset of the current domain and WRITE on the controlling asset of the new domain. |
| setName() | UPDATE on the controlling asset of the organization. |
| setOrganization() | DELETE on the controlling asset and WRITE on the organization’s controlling asset in the new organization. |
| setInfo() | UPDATE on the controlling asset of the organization. |
Table 5-24 describes the permissions required to run the ProxyAuthenticationInfoQueries interface methods.
| Method | Permission required |
|---|---|
| listByAsset(String) | READ on the asset or the controlling asset. |
| listByRole(String) | READ on the role’s controlling asset. |
| listBySubject(String) | READ on the subject’s controlling asset, or the caller must be the subject. |
| listInfoByConditions(SearchInfo[]) | Permission required depends on the specified conditions: READ on the asset or the asset’s controlling asset, or READ on the role’s controlling asset, or READ on the subject’s controlling asset, or the caller must be the subject. |
Table 5-25 describes the permissions required to run the ProxyAuthenticationInfoManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map) | To create proxy authentication information, which associates these security objects with their controlling assets: |
| findByPrimaryKey(ProxyAuthenticationInfoKey) | To get the remote interface that enables you to manage the proxy authentication information for these security objects: |
Table 5-26 describes the permissions required to run the ProxyAuthenticationInfoManagement interface methods.
| Method | Permission required |
|---|---|
| remove() | UPDATE on the controlling asset of the security object (asset, role, or subject) with which the proxy authentication information is associated. Users can delete their own subject-level proxy authentication information. |
| setInfo(java.util.Map) | UPDATE on the controlling asset of the security object (asset, role, or subject) with which the proxy authentication information is to be associated. Users can update their own subject-level proxy authentication information. |
| setPassword(String) | UPDATE on the controlling asset of the security object (asset, role, or subject) with which the proxy authentication information is associated, or UPDATE on the asset itself for asset-level proxy authentication information. Users can update their own subject-level proxy authentication password. |
| setUrl(String) | UPDATE on the controlling asset of the security object (asset, role, or subject) with which the proxy authentication information is associated. Users can update their own subject-level proxy authentication URL. |
| setUsername(String) | UPDATE on the controlling asset of the security object (asset, role, or subject) with which the proxy authentication information is associated, or UPDATE on the asset itself for asset-level proxy authentication information. Users can update their own subject-level proxy authentication user name. |
Table 5-27 describes the permissions required to run the RoleQueries interface methods.
| Method | Permission required |
|---|---|
| listAncestors(String) | LIST on the controlling assets of the roles that are returned. |
| listByFilter(java.util.Map) | LIST on the controlling assets of the roles that are returned. |
| listByOrganization(String) | LIST on the controlling assets of the roles that are returned. |
| listDefaultGrantedToGroup(String) | LIST on the controlling assets of the roles that are returned. |
| listDefaultGrantedToSubject(String) | LIST on the controlling assets of the roles that are returned. |
| listDescendants(String) | LIST on the controlling assets of the roles that are returned. |
| listExplicitlyGrantedToSubject(String) | LIST on the controlling assets of the roles that are returned. |
| listGrantedToGroup(String) | LIST on the controlling assets of the roles that are returned. |
| listGrantedToSubject(String) | LIST on the controlling assets of the roles that are returned. |
| listMutuallyExclusive(String, int) | This method is no longer supported. |
| listAncestorRoles(SearchInfo) | LIST on the controlling assets of the roles that are returned. |
| listDescendantRoles(SearchInfo) | LIST on the controlling assets of the roles that are returned. |
| listInfoByConditions(SearchInfo[], Integer) | LIST on the controlling assets of the roles that are returned. |
| moveToNewOrganization(String[], String) | DELETE on the roles’ controlling asset in the existing domain and WRITE on the roles’ controlling asset in the domain that contains the specified organization. |
Table 5-28 describes the permissions required to run the RoleManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map) | WRITE on the role’s controlling asset in the domain that contains the organization in which this role is being created. |
| create(String) | WRITE on the role’s controlling asset in the domain that contains the organization in which this role is being created. |
| create(String, String) | WRITE on the role’s controlling asset in the domain that contains the organization in which this role is being created. |
| findByPrimaryKey(String) | READ on the role’s controlling asset. |
| findByDN(String) | READ on the role’s controlling asset. |
Table 5-29 describes the permissions required to run the RoleManagement interface methods.
| Method | Permission required |
|---|---|
| addInheritanceRelationship(String) | GRANT on the controlling asset of the specified role. |
| addMutualExclusionRelationship(String, int) | This method is no longer supported. |
| grantToGroup(String) | GRANT on the role’s controlling asset. |
| grantToGroup(String, boolean) | GRANT on the role’s controlling asset. |
| grantToSubject(String) | GRANT on the role’s controlling asset. |
| grantToSubject(String, boolean) | GRANT on the role’s controlling asset. |
| remove() | DELETE on the role’s controlling asset. |
| removeAsDefaultFromGroup(String) | GRANT on the role’s controlling asset. |
| removeAsDefaultFromSubject(String) | GRANT on the role’s controlling asset. |
| removeInheritanceRelationship(String) | GRANT on the specified role’s controlling asset. |
| removeMutualExclusionRelationship(String) | This method is no longer supported. |
| revokeFromGroup(String) | GRANT on the role’s controlling asset. |
| revokeFromSubject(String) | GRANT on the role’s controlling asset. |
| setName() | UPDATE on the role’s controlling asset. |
| setOrganization() | DELETE on the role’s controlling asset in the existing organization and WRITE on the role’s controlling asset in the new organization. |
| setInfo() | UPDATE on the role’s controlling asset. |
Table 5-30 describes the permissions required to run the SubjectQueries interface methods.
| Method | Permission required |
|---|---|
| listByDefaultRole(String) | LIST on the controlling assets of the subjects that are returned. |
| listByGroup(String) | LIST on the controlling assets of the subjects that are returned. |
| listByLockType(int) | LIST on the controlling assets of the subjects that are returned. |
| listByOrganization(String) | LIST on the controlling assets of the subjects that are returned. |
| listByRole(String) | LIST on the controlling assets of the subjects that are returned. |
| listInfoByConditions(SearchInfo[], Integer) | LIST on the controlling assets of the subjects that are returned. |
| moveToNewOrganization(String[], String) | DELETE on the subjects’ controlling asset in the existing organization and WRITE on the subjects’ controlling asset in the new organization. |
| listInfoByLockType(String[], int) | LIST on the controlling assets of the subjects that are returned. |
Table 5-31 describes the permissions required to run the SubjectManagementHome interface methods.
| Method | Permission required |
|---|---|
| create(java.util.Map) | Guest role, or WRITE permission on the subject’s controlling asset in the domain that contains the organization in which this subject is being created. |
| create(String, String, String, String, String) | Guest role, or WRITE permission on the subject’s controlling asset in the domain that contains the organization in which this subject is being created. |
| create(String, String, String, String, String, String) | Guest role, or WRITE permission on the subject’s controlling asset in the domain that contains the organization in which this subject is being created. |
| findByPrimaryKey(String) | READ on the subject’s controlling asset, or the caller must be the subject. |
| findByDN(String) | READ on the subject’s controlling asset, or the caller must be the subject. |
| findByUid(String) | READ on the subject’s controlling asset, or the caller must be the subject. |
Table 5-32 describes the permissions required to run the SubjectManagement interface methods.
| Method | Permission required |
|---|---|
| isAccountDisabled() | READ on the subject’s controlling asset, or the caller must be the subject. |
| isExemptFromInactivityExpiration() | READ on the subject’s controlling asset, or the caller must be the subject. |
| isExemptFromPasswordExpiration() | READ on the subject’s controlling asset, or the caller must be the subject. |
| isLocked(int) | READ on the subject’s controlling asset, or the caller must be the subject. |
| lockAccount(int, int) | UPDATE on the subject’s controlling asset. |
| remove() | DELETE on the subject’s controlling asset. |
| resetLastLoginDate() | UPDATE on the subject’s controlling asset. |
| setAccountDisabled(boolean) | UPDATE on the subject’s controlling asset. |
| setEmail(String) | UPDATE on the subject’s controlling asset, or the caller must be the subject. |
| setExemptFromInactivityExpiration(boolean) | UPDATE on the subject’s controlling asset. |
| setExemptFromPasswordExpiration(boolean) | UPDATE on the subject’s controlling asset. |
| setExpirationDate(java.util.Date) | UPDATE on the subject’s controlling asset. |
| setInfo(java.util.Map) | UPDATE on the subject’s controlling asset, or the caller must be the subject. |
| setName() | UPDATE on the subject’s controlling asset, or the caller must be the subject. |
| setOrganization() | DELETE on the subject’s controlling asset in the existing organization, and WRITE on the subject’s controlling asset in the new organization. |
| setPassword(String) | UPDATE on the subject’s controlling asset. |
| setPassword(String, String) | Caller must be the subject. |
| setPhone(String) | UPDATE on the subject’s controlling asset, or the caller must be the subject. |
| setTemporaryPassword() | UPDATE on the subject’s controlling asset. |
| unlockAccount(int) | UPDATE on the subject’s controlling asset. |